← voltar
CVE-2017-12873

CVE-2017-12873

EPSS 1.7%
SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain sensitive information, gain unauthorized access, or have unspecified other impacts by leveraging incorrect persistent NameID generation when an Identity Provider (IdP) is misconfigured.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953https://lists.debian.org/debian-lts-announce/2017/12/msg00007.htmlhttps://simplesamlphp.org/security/201612-04https://www.debian.org/security/2018/dsa-4127